U.S. arrests 3 men over hacking scheme targeting 60 million people

Posted On: Dec. 15, 2015 12:00 AM CST

Thomson Reuters

(Reuters) — Three men were arrested on Monday for engaging in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people including Comcast Corp. customers, U.S. prosecutors announced Tuesday.

Timothy Livingston, 30, Tomasz Chmielarz, 32, and Devin McArthur, 27, were named in an indictment filed in federal court in Newark, New Jersey, that charged them with conspiracy to commit fraud and related activity, among other offenses.

Prosecutors said Mr. Livingston, a Boca Raton, Florida, resident, was the leader of a series of computer hacking and illegal spamming schemes that targeted multiple companies and generated illegal profits exceeding $2 million.

The three men were arrested at their respective residences on Tuesday morning, a spokesman for U.S. Attorney Paul Fishman in New Jersey said.

Michael Koribanics, Mr. Chmielarz's lawyer, said his client would plead not guilty at a court hearing on Tuesday. A lawyer for Mr. Livingston did not immediately respond to a request for comment, and an attorney for Mr. McArthur could not be identified.

Prosecutors said Mr. Livingston, who owned a spam company called "A Whole Lot of Nothing L.L.C.," hired Mr. Chmielarz of Rutherford, New Jersey, to author hacking tools and other programs that facilitated the hacking and spamming schemes.

Among the companies they targeted was a Pennsylvania-based telecommunications company that employed Mr. McArthur, a resident of Ellicott City, Maryland, who installed hacking tools in company networks to gain access to records for 50 million people, prosecutors said.

The company was not identified by name in court papers. But Mr. McArthur's LinkedIn page says he worked at Comcast Corp. during the period in question. A Comcast spokeswoman had no immediate comment.

Messrs. Livingston and Chmielarz also compromised tens of thousands of peoples' email accounts, including customers of a New York telecommunications company, which they then used to send spam, the indictment said.

Other companies targeted in the schemes included a New York-based technology and consulting company whose website was compromised and a Texas-based credit monitoring firm that was hacked, the indictment said.

In the case of the unnamed credit monitoring firm, the indictment said Mr. Livingston paid Mr. Chmielarz to write a program to steal a database containing 10 million records.

When law enforcement seized Mr. Livingston's computer in July, they discovered a database with 7 million of that company's records, the indictment said.